def tinc_stage3_routing():
for server in sorted(metadata.servers):
if server <> env.host_string:
cuisine.file_append(
"/etc/tinc/%s/tinc.conf" % metadata.config["domain"], """
ConnectTo = %s
""" % server)
cuisine.file_append(
"/etc/tinc/%s/tinc-up" % metadata.config["domain"], """
#
# tinc routing configuration: forward packets for the docker network ips on server %s
#
VPN_BASE="%s"
NET="%s"
GW="${VPN_BASE}.%s"
NETMASK="%s"
if [[ "$(uname -o 2>/dev/null)" == "GNU/Linux" ]]; then
/sbin/route add -net "${NET}" netmask "${NETMASK}" gw "${GW}"
else
/sbin/route add -net "${NET}" "${GW}" "${NETMASK}"
fi
""" % (server, metadata.config["vpn_base"],
CIDR(metadata.servers[server]["dockernet"])[0],
metadata.config["idx"][server],
CIDR(metadata.servers[server]["dockernet"]).netmask))
def tinc_stage3_routing():
for server in sorted(metadata.servers):
if server <> env.host_string:
cuisine.file_append("/etc/tinc/%s/tinc.conf" % metadata.config["domain"], """
ConnectTo = %s
""" % server)
cuisine.file_append("/etc/tinc/%s/tinc-up" % metadata.config["domain"], """
#
# tinc routing configuration: forward packets for the docker network ips on server %s
#
VPN_BASE="%s"
NET="%s"
GW="${VPN_BASE}.%s"
NETMASK="%s"
if [[ "$(uname -o 2>/dev/null)" == "GNU/Linux" ]]; then
/sbin/route add -net "${NET}" netmask "${NETMASK}" gw "${GW}"
else
/sbin/route add -net "${NET}" "${GW}" "${NETMASK}"
fi
""" % (
server,
metadata.config["vpn_base"],
CIDR(metadata.servers[server]["dockernet"])[0],
metadata.config["idx"][server],
CIDR(metadata.servers[server]["dockernet"]).netmask
))
def hosts_conf():
notify('Writing hostname and hosts files.')
cuisine.mode_sudo()
sudo('echo "{NAME}" > /etc/hostname'.format(NAME=MACHINE['KEY']))
sudo('hostname -F /etc/hostname')
hosts = cuisine.text_template(templates.hosts, MACHINE)
cuisine.file_append('/etc/hosts', hosts)
def tinc_stage3_fip_routing():
#
# do not run this code if you are working with physical midonet gateways for a demo
#
if "midonet_gateway" not in metadata.roles:
return
#
# on all machines that do not host a midonet_gateway container: send the traffic to a machine hosting a midonet gw container
#
if env.host_string not in metadata.roles["midonet_gateway"]:
for server in metadata.servers:
if server in metadata.roles["midonet_gateway"]:
fip_router_ip = "%s.%s" % (metadata.config["vpn_base"], metadata.config["idx"][server])
continue
#
# on all machines that host a midonet gateway container: send the traffic to the midonet_gateway container on this box
#
else:
#
# SNAT the fip network
#
run("""
FIP_BASE="%s"
DEFAULT_GW_IFACE="$(ip route show | grep 'default via' | awk -Fdev '{print $2;}' | xargs -n1 echo)"
iptables -t nat -I POSTROUTING -o "${DEFAULT_GW_IFACE}" -s "${FIP_BASE}.0/24" -j MASQUERADE
for RFC1918 in "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16"; do
iptables -t nat -I POSTROUTING -o "${DEFAULT_GW_IFACE}" -s "${FIP_BASE}.0/24" -d "${RFC1918}" -j ACCEPT
done
""" % metadata.config["fip_base"])
for container in metadata.containers:
if metadata.containers[container]["server"] == env.host_string:
if metadata.containers[container]["role"] == "midonet_gateway":
fip_router_ip = metadata.containers[container]["ip"]
continue
cuisine.file_append("/etc/tinc/%s/tinc-up" % metadata.config["domain"], """
#
# route FIP traffic to this local container
#
NET="%s"
NETMASK="255.255.255.0"
GW="%s"
if [[ "$(uname -o 2>/dev/null)" == "GNU/Linux" ]]; then
/sbin/route add -net "${NET}" netmask "${NETMASK}" gw "${GW}"
else
/sbin/route add -net "${NET}" "${GW}" "${NETMASK}"
fi
""" % (metadata.config["fip_base"], fip_router_ip))
def hosts_conf():
notify('Writing hostname and hosts files.')
cuisine.mode_sudo()
sudo('echo "{NAME}" > /etc/hostname'.format(NAME=MACHINE['KEY']))
sudo('hostname -F /etc/hostname')
hosts = cuisine.text_template(templates.hosts, MACHINE)
cuisine.file_append('/etc/hosts', hosts)
def _condition_centos_network(self):
for iface in self.interfaces['add']:
file_path = "/mnt/etc/sysconfig/network-scripts/ifcfg-" + iface
bootp = self.interfaces['add'][iface]['bootp']
if bootp == 'dhcp':
text = text_strip_margin("""
|#TEEFAA-BEGIN
|# The contents below are automatically generated by Teefaa. Do not modify.
|DEVICE="{iface}"
|BOOTPROTO="dhcp"
|NM_CONTROLLED="no"
|ONBOOT="yes"
|TYPE="Ethernet"
|#TEEFAA-END
|""".format(iface=iface))
with mode_sudo():
file_write(file_path, text)
elif bootp == 'static':
address = self.interfaces['add'][iface]['address']
netmask = self.interfaces['add'][iface]['netmask']
text = text_strip_margin("""
|# The contents below are automatically generated by Teefaa. Do not modify.
|NM_CONTROLLED=no
|BOOTPROTO=none
|ONBOOT=yes
|IPADDR={addr}
|NETMASK={mask}
|DEVICE={iface}
|PEERDNS=no
|""".format(iface=iface,
addr=address, mask=netmask))
with mode_sudo():
file_write(file_path, text)
try:
gateway = self.interfaces['add'][iface]['gateway']
text = "GATEWAY=" + gateway + '\n'
with mode_sudo():
file_append(file_path, text)
except:
pass
try:
dnsserver = self.interfaces['add'][iface]['dnsserver']
except:
dnsserver = None
if dnsserver:
text = "DNS1={d}\n".format(d=dnsserver)
with mode_sudo():
file_append(file_path, text)
def initialize():
"""Log in to the server as root and create the initial user/group"""
env.user = '******'
mode_user()
group_ensure(env.remote_group)
user_ensure(env.remote_user, shell='/bin/bash')
group_user_ensure(env.remote_user, env.remote_group)
# copy local public key to user's authorized_keys for convenience
if os.path.exists('~/.ssh/id_rsa.pub'):
f = open('~/.ssh/id_rsa.pub', 'rb')
ssh_authorize(env.remote_user, f.read())
f.close()
file_append("/etc/sudoers", "%(remote_user)s ALL=(ALL) NOPASSWD:ALL\n" % env)
def ssh_pam_config():
puts(green('Setup PAM for SSHD'))
# setting PAM
pam_ssh = '/etc/pam.d/sshd'
if not 'pam_access.so' in cuisine.file_read(pam_ssh):
cuisine.file_append(pam_ssh, 'account required pam_access.so')
# check SSHD config
if not 'UsePAM yes' in cuisine.file_read('/etc/ssh/sshd_config'):
puts(yellow('\'UserPAM no\' in sshd_config '))
# Upload
download_and_upload('ssh/%s-access.conf', '/etc/security/access.conf')
puts(green('Success'))
def _append_data_dir_fstab(self, file_path, device, data_num):
try:
data_format = self.disk_config['data']['format']
data_dir = self.disk_config['data']['dir']
if data_format == 'xfs':
line = "{dev}{num} {d} xfs defaults,noatime 0 0".format(
dev=device,num=data_num,d=data_dir)
elif data_format in ['ext3', 'ext4']:
line = "{dev}{num} {d} {f} defaults 0 0".format(
dev=device,num=data_num,d=data_dir,f=data_format)
else:
line = "#Data partition is not mounted by Teefaa."
with mode_sudo():
file_append(file_path, line+'\n')
except:
pass
def _condition_ubuntu_network(self):
text = text_strip_margin("""
|# This file describes the network interfaces available on your system
|# and how to activate them. For more information, see interfaces(5).
|
|# The loopback network interface
|auto lo
|iface lo inet loopback
|""")
file_path = "/mnt/etc/network/interfaces"
with mode_sudo():
file_write(file_path, text)
for iface in self.interfaces['add']:
bootp = self.interfaces['add'][iface]['bootp']
if bootp == 'dhcp':
text = text_strip_margin("""
|# {iface}
|auto {iface}
|iface {iface} inet dhcp
|""".format(iface=iface))
with mode_sudo():
file_append(file_path, text)
elif bootp == 'static':
address = self.interfaces['add'][iface]['address']
netmask = self.interfaces['add'][iface]['netmask']
text = text_strip_margin("""
|# {iface}
|auto {iface}
|iface {iface} inet static
| address {addr}
| netmask {mask}
|""".format(iface=iface,
addr=address, mask=netmask))
with mode_sudo():
file_append(file_path, text)
try:
gateway = self.interfaces['add'][iface]['gateway']
except:
gateway = None
if gateway:
text = " gateway {g}\n".format(g=gateway)
with mode_sudo():
file_append(file_path, text)
try:
dnsserver = self.interfaces['add'][iface]['dnsserver']
except:
dnsserver = None
if dnsserver:
text = " dns-nameservers {d}\n".format(d=dnsserver)
with mode_sudo():
file_append(file_path, text)
else:
raise TypeError("network_config: {0} is not supported.\n".format(iface))
def upgrade_agent():
puts(green('Upgrade Agent'))
# Prepare
upgrade_common()
# Upgrade
proxy(sudo, 'yum upgrade cloudstack-agent -y')
# Verify
path = '/etc/cloudstack/agent/environment.properties'
str = 'paths.script=/usr/share/cloudstack-common'
if not str in cuisine.file_read(path):
cuisine.file_append(path, '\n%s\n' % str)
# Restart
cuisine.upstart_stop('cloudstack-agent')
sudo('killall jsvc', warn_only=True)
cuisine.upstart_ensure('cloudstack-agent')
puts(green('Success'))
def management():
puts(green('Setup Management Server'))
# Install
install_package('cloudstack-management')
# Load File
config = ConfigParser.SafeConfigParser()
config.read(config_read_path('./config/management/db.ini'))
user = config.get('cloud', 'user')
password = config.get('cloud', 'password')
deploy_user = config.get('deploy', 'user')
deploy_password = config.get('deploy', 'password')
server = config.get('deploy', 'server')
if None in [ user, password, deploy_user, deploy_password, server ]:
abort('Check config/agent/db.ini')
# Initialize
run('cloudstack-setup-databases "%s:%s@%s" "--deploy-as=%s:%s"' % (user, password, server, deploy_user, deploy_password))
tmp = 'Defaults:cloud !requiretty'
if not '\n' + tmp in cuisine.file_read('/etc/sudoers'):
cuisine.file_append('/etc/sudoers', '\nDefaults:cloud !requiretty\n')
run('cloudstack-setup-management')
sudo('chkconfig cloudstack-management on')
sudo('chown cloud:cloud /var/log/cloudstack/management/catalina.out')
# NFS Client
for service in [ 'rpcbind', 'nfs' ]:
cuisine.upstart_ensure(service)
sudo('chkconfig %s on' % service)
# Setting Storage
cuisine.dir_ensure('/mnt/primary', recursive=True)
cuisine.dir_ensure('/mnt/secondary', recursive=True)
config.read(config_read_path('./config/management/nfs.ini'))
nfs_primary_path = config.get('primary', 'path')
nfs_primary_ip = config.get('primary', 'ipaddr')
nfs_secondary_path = config.get('secondary', 'path')
nfs_secondary_ip = config.get('secondary', 'ipaddr')
if None in [ nfs_primary_path, nfs_primary_ip, nfs_secondary_path, nfs_secondary_ip ]:
abort('Check config/agent/nfs.ini')
sudo('mount -t nfs %s:%s /mnt/primary' % (nfs_primary_ip, nfs_primary_path))
sleep(5)
sudo('mount -t nfs %s:%s /mnt/secondary' % (nfs_secondary_ip, nfs_secondary_path))
sleep(5)
sudo('rm -rf /mnt/primary/*')
sudo('rm -rf /mnt/secondary/*')
proxy(sudo, '/usr/share/cloudstack-common/scripts/storage/secondary/cloud-install-sys-tmplt -m /mnt/secondary -u http://d21ifhcun6b1t2.cloudfront.net/templates/4.2/systemvmtemplate-2013-06-12-master-kvm.qcow2.bz2 -h kvm -F')
sudo('sync')
for dir in [ '/mnt/primary', '/mnt/secondary' ]:
sudo('umount %s' % dir)
sudo('rmdir %s' % dir)
puts(green('Success'))
def tinc_stage3_fip_routing():
#
# do not run this code if you are working with physical midonet gateways for a demo
#
if "midonet_gateway" not in metadata.roles:
return
#
# on all machines that do not host a midonet_gateway container: send the traffic to a machine hosting a midonet gw container
#
if env.host_string not in metadata.roles["midonet_gateway"]:
for server in metadata.servers:
if server in metadata.roles["midonet_gateway"]:
fip_router_ip = "%s.%s" % (metadata.config["vpn_base"],
metadata.config["idx"][server])
continue
#
# on all machines that host a midonet gateway container: send the traffic to the midonet_gateway container on this box
#
else:
#
# SNAT the fip network
#
run("""
FIP_BASE="%s"
DEFAULT_GW_IFACE="$(ip route show | grep 'default via' | awk -Fdev '{print $2;}' | xargs -n1 echo)"
iptables -t nat -I POSTROUTING -o "${DEFAULT_GW_IFACE}" -s "${FIP_BASE}.0/24" -j MASQUERADE
for RFC1918 in "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16"; do
iptables -t nat -I POSTROUTING -o "${DEFAULT_GW_IFACE}" -s "${FIP_BASE}.0/24" -d "${RFC1918}" -j ACCEPT
done
""" % metadata.config["fip_base"])
for container in metadata.containers:
if metadata.containers[container]["server"] == env.host_string:
if metadata.containers[container]["role"] == "midonet_gateway":
fip_router_ip = metadata.containers[container]["ip"]
continue
cuisine.file_append(
"/etc/tinc/%s/tinc-up" % metadata.config["domain"], """
#
# route FIP traffic to this local container
#
NET="%s"
NETMASK="255.255.255.0"
GW="%s"
if [[ "$(uname -o 2>/dev/null)" == "GNU/Linux" ]]; then
/sbin/route add -net "${NET}" netmask "${NETMASK}" gw "${GW}"
else
/sbin/route add -net "${NET}" "${GW}" "${NETMASK}"
fi
""" % (metadata.config["fip_base"], fip_router_ip))
def profile_conf():
notify('Configuring .profile settings.')
profile = cuisine.text_template(templates.profile, MACHINE)
cuisine.file_append(MACHINE['OWNER_PROFILE'], profile)
run('source ' + MACHINE['OWNER_PROFILE'])
def profile_conf():
notify('Configuring .profile settings.')
profile = cuisine.text_template(templates.profile, MACHINE)
cuisine.file_append(MACHINE['OWNER_PROFILE'], profile)
run('source ' + MACHINE['OWNER_PROFILE'])
